Adding HostResolverMode as enum, minor changes

Signed-off-by: shikharj05 <8859327+shikharj05@users.noreply.github.com>

Author: shikharj05

src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java

@@ -52,6 +52,7 @@
 import org.opensearch.security.securityconf.impl.v7.RoleV7;
 import org.opensearch.security.securityconf.impl.v7.TenantV7;
 import org.opensearch.security.support.ConfigConstants;
+import org.opensearch.security.support.HostResolverMode;
 import org.opensearch.security.support.WildcardMatcher;
 import org.opensearch.security.user.User;
 
@@ -330,15 +331,16 @@ private Set<String> map(final User user, final TransportAddress caller) {
                     }
 
                     if (caller.address() != null
-                        && (hostResolverMode.equalsIgnoreCase("ip-hostname") || hostResolverMode.equalsIgnoreCase("ip-hostname-lookup"))) {
+                        && (hostResolverMode.equalsIgnoreCase(HostResolverMode.IP_HOSTNAME.getValue())
+                            || hostResolverMode.equalsIgnoreCase(HostResolverMode.IP_HOSTNAME_LOOKUP.getValue()))) {
                         final String hostName = caller.address().getHostString();
 
                         for (String p : WildcardMatcher.getAllMatchingPatterns(hostMatchers, hostName)) {
                             securityRoles.addAll(hosts.get(p));
                         }
                     }
 
-                    if (caller.address() != null && hostResolverMode.equalsIgnoreCase("ip-hostname-lookup")) {
+                    if (caller.address() != null && hostResolverMode.equalsIgnoreCase(HostResolverMode.IP_HOSTNAME_LOOKUP.getValue())) {
 
                         final String resolvedHostName = caller.address().getHostName();
 

src/main/java/org/opensearch/security/support/HostAndCidrMatcher.java

@@ -25,9 +25,6 @@
  * This matcher supports both wildcard hostname patterns (e.g., *.example.com) and CIDR notation (e.g., 192.168.1.0/24).
  */
 public class HostAndCidrMatcher {
-    private static final String IP_HOSTNAME = "ip-hostname";
-    private static final String IP_HOSTNAME_LOOKUP = "ip-hostname-lookup";
-
     protected final Logger log = LogManager.getLogger(HostAndCidrMatcher.class);
     private final WildcardMatcher hostMatcher;
     private final List<IPAddressString> cidrMatchers;
@@ -66,7 +63,7 @@ public boolean matchesCidr(InetAddress address) {
             return cidrMatchers.stream().anyMatch(cidrAddress -> cidrAddress.contains(addressString));
         } catch (Exception e) {
             log.warn("Failed to process IP address {}: {}", address, e.getMessage());
-            return false;
+            throw new RuntimeException("Invalid Address format used");
         }
     }
 
@@ -75,8 +72,7 @@ public boolean matchesCidr(InetAddress address) {
      * This method can perform DNS lookups depending on the hostResolverMode.
      *
      * @param address The IP address to check
-     * @param hostResolverMode The resolution mode. Must be either "ip-hostname" or
-     *                         "ip-hostname-lookup" to enable hostname matching
+     * @param hostResolverMode The resolution mode. Must be one of {@link HostResolverMode} to enable hostname matching
      * @return true if the address matches any configured hostname pattern, false otherwise,
      *         if the address is null, or if the resolver mode is invalid
      * @implNote This method may perform DNS lookups which could impact performance
@@ -88,7 +84,8 @@ public boolean matchesHostname(InetAddress address, String hostResolverMode) {
 
         List<String> valuesToCheck = new ArrayList<>(List.of(address.getHostAddress()));
         if (hostResolverMode != null
-            && (hostResolverMode.equalsIgnoreCase(IP_HOSTNAME) || hostResolverMode.equalsIgnoreCase(IP_HOSTNAME_LOOKUP))) {
+            && (hostResolverMode.equalsIgnoreCase(HostResolverMode.IP_HOSTNAME.getValue())
+                || hostResolverMode.equalsIgnoreCase(HostResolverMode.IP_HOSTNAME_LOOKUP.getValue()))) {
             try {
                 final String hostName = address.getHostName();  // potential blocking call
                 valuesToCheck.add(hostName);

src/main/java/org/opensearch/security/support/HostResolverMode.java

@@ -0,0 +1,16 @@
+package org.opensearch.security.support;
+
+public enum HostResolverMode {
+    IP_HOSTNAME("ip-hostname"),
+    IP_HOSTNAME_LOOKUP("ip-hostname-lookup");
+
+    private final String value;
+
+    HostResolverMode(String value) {
+        this.value = value;
+    }
+
+    public String getValue() {
+        return value;
+    }
+}

src/test/java/org/opensearch/security/support/HostAndCidrMatcherTest.java

@@ -177,13 +177,6 @@ public void shouldHandleInvalidCidrNotation() throws Exception {
         assertThat(matcher.matchesCidr(address), is(false));
     }
 
-    @Test(expected = Exception.class)
-    public void shouldHandleMalformedIpAddresses() throws Exception {
-        matcher = new HostAndCidrMatcher(Arrays.asList(PRIVATE_CLASS_C_CIDR));
-        InetAddress address = InetAddress.getByName("invalid.ip.address");
-        matcher.matchesCidr(address);
-    }
-
     @Test
     public void shouldMatchIpHostnameLookupMode() throws Exception {
         matcher = new HostAndCidrMatcher(Arrays.asList(OPENSEARCH_DOMAIN));

src/test/java/org/opensearch/security/support/HostResolverModeTest.java

@@ -0,0 +1,24 @@
+package org.opensearch.security.support;
+
+import org.junit.Test;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
+
+public class HostResolverModeTest {
+
+    @Test
+    public void testIpHostnameValue() {
+        assertThat(HostResolverMode.IP_HOSTNAME.getValue(), is("ip-hostname"));
+    }
+
+    @Test
+    public void testIpHostnameLookupValue() {
+        assertThat(HostResolverMode.IP_HOSTNAME_LOOKUP.getValue(), is("ip-hostname-lookup"));
+    }
+
+    @Test
+    public void testEnumCount() {
+        assertThat(HostResolverMode.values().length, is(2));
+    }
+}